Analysis Overview
SHA256
9b810cd2c0fd928830a3365c83bb51ebbb8755d8dcc01e331244bf47a7a81dea
Threat Level: Shows suspicious behavior
The file a55b2ed02490254f92796a1b32607e10_JaffaCakes118 was found to show suspicious behavior.
Malicious Activity Summary
Loads dropped Dex/Jar
Queries information about active data network
Requests dangerous framework permissions
Queries the unique device ID (IMEI, MEID, IMSI)
Registers a broadcast receiver at runtime (usually for listening for system events)
Analysis: static1
Detonation Overview
Reported
2024-06-13 11:43
Signatures
Requests dangerous framework permissions
| Description | Indicator | Process | Target |
| Allows read only access to phone state, including the current cellular network information, the status of any ongoing calls, and a list of any PhoneAccounts registered on the device. | android.permission.READ_PHONE_STATE | N/A | N/A |
| Allows an application to write to external storage. | android.permission.WRITE_EXTERNAL_STORAGE | N/A | N/A |
Analysis: behavioral3
Detonation Overview
Submitted
2024-06-13 11:43
Reported
2024-06-13 11:47
Platform
android-x64-arm64-20240611.1-en
Max time kernel
178s
Max time network
171s
Command Line
Signatures
Loads dropped Dex/Jar
| Description | Indicator | Process | Target |
| N/A | /data/user/0/com.myapp/cache/DA39A3EE5E6B4B0D3255BFEF95601890AFD80709 | N/A | N/A |
| N/A | /data/user/0/com.myapp/cache/DA39A3EE5E6B4B0D3255BFEF95601890AFD80709!classes2.dex | N/A | N/A |
Queries information about active data network
| Description | Indicator | Process | Target |
| Framework service call | android.net.IConnectivityManager.getActiveNetworkInfo | N/A | N/A |
Processes
com.myapp
Network
| Country | Destination | Domain | Proto |
| GB | 142.250.187.206:443 | | tcp |
| GB | 142.250.187.206:443 | | tcp |
| N/A | 224.0.0.251:5353 | | udp |
| US | 1.1.1.1:53 | ssl.google-analytics.com | udp |
| GB | 172.217.169.8:443 | ssl.google-analytics.com | tcp |
| US | 1.1.1.1:53 | api.jetrohe.pw | udp |
| IE | 34.246.200.160:443 | api.jetrohe.pw | tcp |
| GB | 142.250.179.228:443 | | tcp |
| GB | 142.250.179.228:443 | | tcp |
| GB | 216.58.201.110:443 | | tcp |
| GB | 142.250.179.226:443 | | tcp |
Files
/data/user/0/com.myapp/cache/DA39A3EE5E6B4B0D3255BFEF95601890AFD80709
| MD5 | ec4d46c643c29ee1367bf791e701ada2 |
| SHA1 | 820d491b682ef5ea4634a73fef5987d00c276150 |
| SHA256 | a1874afbe0441c906eaaebc03f9a7a647729c6e9e75a7cdb34bef7742438e0b4 |
| SHA512 | 4d351ab5365bbfcb01abebf9176d6ceb21f6cb56532412485d90524ea3f39207635bae8e4382bdd37959532b672ca249b2084529c8641109a6ff1c4f5a8f36a7 |
/data/user/0/com.myapp/cache/DA39A3EE5E6B4B0D3255BFEF95601890AFD80709
| MD5 | 6eef034d5ac3da6c619cddfb20df2e81 |
| SHA1 | 1529d69d265f50717c1bf9ae7546b2a80831588a |
| SHA256 | 930ec1fe7ff09ef6c66fda123e868d5e7989689fa17d1833e5a04716d296a6cc |
| SHA512 | ffe20e767be04cde31942228b939788edf0c0c89138b43703b983ffd05ad32350a762bc78410aa1e9e7a59cf0b3f05112001c1254e9ac0544cd9a4d9fe641d76 |
/data/user/0/com.myapp/cache/DA39A3EE5E6B4B0D3255BFEF95601890AFD80709!classes2.dex
| MD5 | f2bdd37bca225c125cb8cdf59e8b70d3 |
| SHA1 | 8744919e45d714b2ba75ef286eb3f20795e4bb78 |
| SHA256 | 9cab997e28849d98c628e9fc572ca29036b166c77d3e935ee492d565a303f5ae |
| SHA512 | 67fdc6a1466ed8953c5ed409a2b810904d8351a3279043bc48fd6cb5290ba77bb732af7cc854b73948c26241a25f7de6acd6c90a1554d18e01aa91667e089768 |
/storage/emulated/0/Google/google.id
| MD5 | e76e30708ebff27860163c4b7553bfc1 |
| SHA1 | 4bc4f9849df5080d9846f1a75003a4a3018f42b5 |
| SHA256 | 5a9c6a71bdefe4f0e400a52426733e507d3698ce8ce50e243a0cfcd9b9d0a360 |
| SHA512 | dc8c2281054a8709699caf2e8dc706a0838f3fc60abd6b843e5743849c90b38327a63b073d36c11e30675d5cbc90bbb6561d05798a0caa1afeba5842c6d42119 |
Analysis: behavioral1
Detonation Overview
Submitted
2024-06-13 11:43
Reported
2024-06-13 11:47
Platform
android-x86-arm-20240611.1-en
Max time kernel
178s
Max time network
131s
Command Line
Signatures
Loads dropped Dex/Jar
| Description | Indicator | Process | Target |
| N/A | /data/user/0/com.myapp/cache/DA39A3EE5E6B4B0D3255BFEF95601890AFD80709 | N/A | N/A |
| N/A | /data/user/0/com.myapp/cache/DA39A3EE5E6B4B0D3255BFEF95601890AFD80709!classes2.dex | N/A | N/A |
Queries information about active data network
| Description | Indicator | Process | Target |
| Framework service call | android.net.IConnectivityManager.getActiveNetworkInfo | N/A | N/A |
Registers a broadcast receiver at runtime (usually for listening for system events)
| Description | Indicator | Process | Target |
| Framework service call | android.app.IActivityManager.registerReceiver | N/A | N/A |
Processes
com.myapp
Network
| Country | Destination | Domain | Proto |
| N/A | 224.0.0.251:5353 | | udp |
| US | 1.1.1.1:53 | api.jetrohe.pw | udp |
| IE | 34.246.200.160:443 | api.jetrohe.pw | tcp |
| GB | 142.250.187.206:443 | | tcp |
| US | 1.1.1.1:53 | android.apis.google.com | udp |
| GB | 142.250.187.238:443 | android.apis.google.com | tcp |
| GB | 216.58.212.202:443 | | tcp |
Files
/data/data/com.myapp/cache/DA39A3EE5E6B4B0D3255BFEF95601890AFD80709
| MD5 | ec4d46c643c29ee1367bf791e701ada2 |
| SHA1 | 820d491b682ef5ea4634a73fef5987d00c276150 |
| SHA256 | a1874afbe0441c906eaaebc03f9a7a647729c6e9e75a7cdb34bef7742438e0b4 |
| SHA512 | 4d351ab5365bbfcb01abebf9176d6ceb21f6cb56532412485d90524ea3f39207635bae8e4382bdd37959532b672ca249b2084529c8641109a6ff1c4f5a8f36a7 |
/data/user/0/com.myapp/cache/DA39A3EE5E6B4B0D3255BFEF95601890AFD80709
| MD5 | 6eef034d5ac3da6c619cddfb20df2e81 |
| SHA1 | 1529d69d265f50717c1bf9ae7546b2a80831588a |
| SHA256 | 930ec1fe7ff09ef6c66fda123e868d5e7989689fa17d1833e5a04716d296a6cc |
| SHA512 | ffe20e767be04cde31942228b939788edf0c0c89138b43703b983ffd05ad32350a762bc78410aa1e9e7a59cf0b3f05112001c1254e9ac0544cd9a4d9fe641d76 |
/data/user/0/com.myapp/cache/DA39A3EE5E6B4B0D3255BFEF95601890AFD80709!classes2.dex
| MD5 | f2bdd37bca225c125cb8cdf59e8b70d3 |
| SHA1 | 8744919e45d714b2ba75ef286eb3f20795e4bb78 |
| SHA256 | 9cab997e28849d98c628e9fc572ca29036b166c77d3e935ee492d565a303f5ae |
| SHA512 | 67fdc6a1466ed8953c5ed409a2b810904d8351a3279043bc48fd6cb5290ba77bb732af7cc854b73948c26241a25f7de6acd6c90a1554d18e01aa91667e089768 |
/storage/emulated/0/Google/google.id
| MD5 | b35134b09bea6043d421edf5452d84d7 |
| SHA1 | f8901f1055f29907397d25263f2037ad0c4f46d4 |
| SHA256 | 5ddbb57603ce07777a0fb724c8eb10f434cbc7d64b5619668f9b985c0826c318 |
| SHA512 | bd2198d0c548b5bddbfe2ca4114915ea7f206d62464b23ff2de2634221b0b248537f36c3daf478a36b61428e4dfdeaa3288ad0bbdd1ca402479e30ace0247ecb |
/data/data/com.myapp/cache/oat/DA39A3EE5E6B4B0D3255BFEF95601890AFD80709.cur.prof
| MD5 | 145cdbd4d96f464f125f9fe298c996a1 |
| SHA1 | ef053a66385e09aa3488671d8987f662510ea136 |
| SHA256 | 2b42e9d5eab9e087ef000fdd9d7119623c82918024da397c6df250d8b5127749 |
| SHA512 | 3078422d2fe781b27d23409330d8f53929ba0ca0644857288f57e50e9482f39ad03f5d637809754464702a89300b641374f8032139a0868775fe7ffe3860380c |
Analysis: behavioral2
Detonation Overview
Submitted
2024-06-13 11:43
Reported
2024-06-13 11:47
Platform
android-x64-20240611.1-en
Max time kernel
178s
Max time network
148s
Command Line
Signatures
Loads dropped Dex/Jar
| Description | Indicator | Process | Target |
| N/A | /data/user/0/com.myapp/cache/DA39A3EE5E6B4B0D3255BFEF95601890AFD80709 | N/A | N/A |
| N/A | /data/user/0/com.myapp/cache/DA39A3EE5E6B4B0D3255BFEF95601890AFD80709!classes2.dex | N/A | N/A |
Queries information about active data network
| Description | Indicator | Process | Target |
| Framework service call | android.net.IConnectivityManager.getActiveNetworkInfo | N/A | N/A |
Queries the unique device ID (IMEI, MEID, IMSI)
Registers a broadcast receiver at runtime (usually for listening for system events)
| Description | Indicator | Process | Target |
| Framework service call | android.app.IActivityManager.registerReceiver | N/A | N/A |
Processes
com.myapp
Network
| Country | Destination | Domain | Proto |
| N/A | 224.0.0.251:5353 | | udp |
| US | 1.1.1.1:53 | ssl.google-analytics.com | udp |
| GB | 216.58.212.200:443 | ssl.google-analytics.com | tcp |
| GB | 142.250.178.10:443 | | tcp |
| US | 1.1.1.1:53 | api.jetrohe.pw | udp |
| IE | 34.246.200.160:443 | api.jetrohe.pw | tcp |
| US | 1.1.1.1:53 | android.apis.google.com | udp |
| GB | 216.58.201.110:443 | android.apis.google.com | tcp |
| GB | 216.58.213.14:443 | | tcp |
| GB | 142.250.178.14:443 | | tcp |
| GB | 216.58.201.98:443 | | tcp |
| GB | 142.250.179.228:443 | | tcp |
| GB | 142.250.179.228:443 | | tcp |
Files
/data/data/com.myapp/cache/DA39A3EE5E6B4B0D3255BFEF95601890AFD80709
| MD5 | ec4d46c643c29ee1367bf791e701ada2 |
| SHA1 | 820d491b682ef5ea4634a73fef5987d00c276150 |
| SHA256 | a1874afbe0441c906eaaebc03f9a7a647729c6e9e75a7cdb34bef7742438e0b4 |
| SHA512 | 4d351ab5365bbfcb01abebf9176d6ceb21f6cb56532412485d90524ea3f39207635bae8e4382bdd37959532b672ca249b2084529c8641109a6ff1c4f5a8f36a7 |
/data/user/0/com.myapp/cache/DA39A3EE5E6B4B0D3255BFEF95601890AFD80709
| MD5 | 6eef034d5ac3da6c619cddfb20df2e81 |
| SHA1 | 1529d69d265f50717c1bf9ae7546b2a80831588a |
| SHA256 | 930ec1fe7ff09ef6c66fda123e868d5e7989689fa17d1833e5a04716d296a6cc |
| SHA512 | ffe20e767be04cde31942228b939788edf0c0c89138b43703b983ffd05ad32350a762bc78410aa1e9e7a59cf0b3f05112001c1254e9ac0544cd9a4d9fe641d76 |
/data/user/0/com.myapp/cache/DA39A3EE5E6B4B0D3255BFEF95601890AFD80709!classes2.dex
| MD5 | f2bdd37bca225c125cb8cdf59e8b70d3 |
| SHA1 | 8744919e45d714b2ba75ef286eb3f20795e4bb78 |
| SHA256 | 9cab997e28849d98c628e9fc572ca29036b166c77d3e935ee492d565a303f5ae |
| SHA512 | 67fdc6a1466ed8953c5ed409a2b810904d8351a3279043bc48fd6cb5290ba77bb732af7cc854b73948c26241a25f7de6acd6c90a1554d18e01aa91667e089768 |
/storage/emulated/0/Google/google.id
| MD5 | 78526364c6e0921ab18631072ed01820 |
| SHA1 | 2c111ba6821c7f0f2026011d01542966e6825989 |
| SHA256 | d0d829c801d27d9a0581bda09f427c199c5ad1a291357ae44786f5f82fb57e40 |
| SHA512 | bc6db9f277aaaef1d1b515c306b6bfbf5781b20692166627ce9d931329b630ef4b7fe7ed6fc5c9e92aaa7b834be4b3a36cd2674137aaceb18f492b296f86d48e |